"ataylor" wrote : | | Ok, I'll tidy this up,we still need ServiceLocator as we are still dependant on org.jboss.security.AuthenticationManager' and we need to find it via jndi when deployed under the App server. | | Any jaas stuff should be optional. The core shouldn't have jaas dependencies, but provide a simple non JAAS authentication / authorization manager which just uses a simple xml based role based security for authorization / authentication. It should be possible to inject a JAAS based authentication / authorization manager at run time using the MC, so this can be used when running inside AS -but again, this is outside core. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4132467#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...